How to scam $102,860 USD worth of Ethereum in 24 hrs with Slack

Slack was designed for teams in an organization to collaborate. The concept of a team has a fundamental assumption of trust built into it.

As a result, Slack has a bunch of scam vectors.

A lot of cryptocurrency projects are using Slack as a medium of communication. Ethereum introduced the Initial Coin Offering (ICO) concept with its crowd sale: raising funds before the project was finished, in exchange for tokens.

Yielding 96,560%, the Ethereum crowd sale worked out ok for those still holding.

Now, if you’re not deep into crypto, you might think Ethereum was a fluke. To give you context for why there is epic FOMO happening right now, take a look at these returns.

Going to the moon anyone?

Returns like this have never been available before, let alone to regular people. This has led to a willingness to believe in the unbelievable. Combine:

- No regulation
- No recourse
- A direct channel to targets
- FOMO
- Unprecedented gains that put a get rich quick scheme to shame

and you have a scammer’s paradise.

Attack 1 — Direct Messages

Slack is kind enough to send users an email to let them know they have unread direct messages. Naturally scammers have started sending direct messages to users. This bypasses email scam filters since the email is coming from [email protected]

When an ICO happens the process is communicated through a variety of public channels. These announcements create a very convincing template for scammers to use.

I want a 100% bonus …. like, who doesn’t?

Blockchain provides transparency into how much was scammed.

etherscan.io makes it easy to look up transactions on the blockchain to a particular address. Using the address in the scam, we can see 106 transactions and a balance of $102,680.35 USD.

A variation involves an alert from the security team.

Seems legit, except for the dodgy My Ether Wallet URL…

myethwallet.eu rather than www.myetherwallet.com

Also a quick google of the sender shows that the CTO of Golem Project isn’t called Pedro.

The effectiveness of this one is harder to measure since we don’t know the wallet details.

Teams are able to deal with this type of scam by kicking the scammers out of the Slack group. This deletes all the direct messages from the scammer.
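The lookalike-URL check described above (myethwallet.eu posing as www.myetherwallet.com) can be automated for links posted in a community. The Python below is an added example, not code from the original post; the allowlist, the 0.8 similarity threshold and the sample message are assumptions constructed for illustration.

```python
import re
from difflib import SequenceMatcher

# Assumption: an allowlist of official domains the community maintains itself.
OFFICIAL = ("myetherwallet.com", "etherscan.io")
THRESHOLD = 0.8  # assumed similarity cut-off; tune it on your own data

# Hostname-like tokens, with or without a scheme in front.
HOST_RE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

def registrable(host):
    """Last two labels; crude, a real deployment would use the public suffix list."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def classify(host):
    """Return (verdict, official domain it matches or resembles, or None)."""
    host = host.lower().rstrip(".")
    dom = registrable(host)
    if dom in OFFICIAL:
        return "official", dom
    best, match = 0.0, None
    for official in OFFICIAL:
        # Official name embedded in a host that belongs to someone else.
        if official in host:
            return "lookalike", official
        # Compare names without their TLDs, so a TLD swap still matches.
        ratio = SequenceMatcher(None, dom.rsplit(".", 1)[0],
                                official.rsplit(".", 1)[0]).ratio()
        if ratio > best:
            best, match = ratio, official
    return ("lookalike", match) if best >= THRESHOLD else ("unknown", None)

def scan(message):
    """Classify every hostname found in a chat message."""
    return {h: classify(h) for h in HOST_RE.findall(message)}

# Constructed sample message, modelled on the fake security alert above.
SAMPLE = ("Security alert: unlock your wallet at https://myethwallet.eu/ now. "
          "Official site: www.myetherwallet.com. Explorer: etherscan.io")

if __name__ == "__main__":
    for host, (verdict, ref) in scan(SAMPLE).items():
        print(f"{host:28} {verdict:10} {ref or ''}")
```

An "unknown" verdict only means the host resembles nothing on the allowlist; it is not a statement that the link is safe.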

Attack 2 — Slackbot Tasks

A scammer can set tasks for every user via Slackbot. Once the scammer is detected and kicked out of the Slack group, there is no way to delete the tasks. As a result, Slackbot sends the message even after the scammer is removed.

This makes sense in a large organization: tasks still need to be completed if employees leave. In an open organization, it makes it hard to clean up a scammer’s mess.

There is a lot of Fear, Uncertainty and Doubt (FUD) in the trading channels. Aside from the noise, they can be a great source for ICOs to check out. Clicking on links from Slack is not such a great idea, so just Google it, right? I heard a few people talking about Red Pulse along with Kyber (an ICO that is so hot right now). So naturally I was curious to know more.

Lots of ICOs run ads

Now the ad at the top takes you to this site.

Seems legit

The top ranking organic result goes to a very similar looking site.

It is difficult to know if a site is real when it’s so easy to clone the original. In the case above, the site saying that the registrations are closed is the real one.

Summary

If you’re getting into crypto and using the communities, remember: if it sounds too good to be true, it is probably a scam. Look for official channels to verify everything.

Always be skeptical.

The official channels can get hacked. The Enigma ICO accounts got hacked, resulting in nearly $500,000 being stolen.

Trust no one

Follow me if you want to learn more about crypto and how to invest safely.
